About
This page shows you how to forward your traffic based on a port with the forward-port rule.
How to forward the port 443 to the port 8443
As a zone option
As a zone option, you can add port forwarding directly, without using a rich rule.
firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443
Other commands are available to manage the forward-port option:
- List IPv4 forward ports
firewall-cmd --list-forward-ports
- Add the IPv4 forward port
firewall-cmd --add-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
- Remove the IPv4 forward port
firewall-cmd --remove-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
- Return whether the IPv4 forward port has been added
firewall-cmd --query-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
With a rich rule
Add the forward-port rich rule
rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443
Example:
firewall-cmd --permanent \
--add-rich-rule='rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443'
The forward-port rule may also forward a packet to another address. The whole rule format is:
<forward-port port="portid[-portid]" protocol="tcp|udp" [to-port="portid[-portid]"] [to-addr="address"]/>
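The zone-option spec and the rich rule carry the same fields under different names. The following added example (not part of the original page or of firewalld) converts one into the other and validates each field first; the function names are hypothetical, it handles IPv4 destinations only, limits the protocol to the tcp|udp shown above, and by its own choice rejects a spec with neither toport nor toaddr.

```shell
# Added example: zone-option forward-port spec -> rich rule string (IPv4 only).

# valid_port PORT: true for "N" or "N-M" with 1 <= N <= M <= 65535.
valid_port() (
    case "$1" in
        ''|*[!0-9-]*|-*|*-|*-*-*) exit 1 ;;
    esac
    lo=${1%-*}; hi=${1#*-}
    [ ${#lo} -le 5 ] && [ ${#hi} -le 5 ] || exit 1
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
)

# forward_port_to_rich_rule SPEC: prints the rich rule, or fails on bad input.
forward_port_to_rich_rule() (
    port='' proto='' toport='' toaddr=''
    IFS=:; set -f                      # split on ':' only, no globbing
    for field in $1; do
        case "$field" in
            port=*)   port=${field#port=} ;;
            proto=*)  proto=${field#proto=} ;;
            toport=*) toport=${field#toport=} ;;
            toaddr=*) toaddr=${field#toaddr=} ;;
            *) echo "unknown field: $field" >&2; exit 1 ;;
        esac
    done
    valid_port "$port" || { echo "bad port: $port" >&2; exit 1; }
    case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; exit 1 ;; esac
    # Example's choice: a forward with no destination is rejected.
    [ -n "$toport$toaddr" ] || { echo "need toport or toaddr" >&2; exit 1; }
    rule="rule family=ipv4 forward-port port=$port protocol=$proto"
    if [ -n "$toport" ]; then
        valid_port "$toport" || { echo "bad toport: $toport" >&2; exit 1; }
        rule="$rule to-port=$toport"
    fi
    if [ -n "$toaddr" ]; then
        # Digits and dots only: keeps quotes and spaces out of the rule string.
        case "$toaddr" in *[!0-9.]*) echo "bad toaddr: $toaddr" >&2; exit 1 ;; esac
        rule="$rule to-addr=$toaddr"
    fi
    printf '%s\n' "$rule"
)

# Constructed sample input: the page's 443 -> 8443 forward.
forward_port_to_rich_rule 'port=443:proto=tcp:toport=8443'
```

Pass the printed string to --add-rich-rule. A rule added with --permanent takes effect only after firewall-cmd --reload.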